Normalize OAuth API key to handle 0x prefixes#14094
Conversation
|
rickyrombo
force-pushed
the
mjp-normalize-oauth-api-key
branch
from
ef15d1c to
6976b4a
Compare
Strip 0x prefix from api_key/client_id query params at parse time and update isValidApiKey to accept prefixed keys, so OAuth consent works regardless of whether the key includes the prefix. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rickyrombo
force-pushed
the
mjp-normalize-oauth-api-key
branch
from
6976b4a to
1fcf6c0
Compare
There was a problem hiding this comment.
Pull request overview
This PR updates OAuth client API key handling to be tolerant of 0x-prefixed hex strings by normalizing query params during parsing and broadening API key validation.
Changes:
- Normalize
api_key/client_idquery params by stripping a leading0xduring param parsing (web + mobile). - Update
isValidApiKey(web + mobile) to accept keys with an optional0xprefix. - Keep existing redirect URI validation behavior unchanged.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| packages/web/src/pages/oauth-login-page/utils.ts | Accept optional 0x prefix in API key validation. |
| packages/web/src/pages/oauth-login-page/hooks.ts | Strip 0x prefix from parsed OAuth query param API key. |
| packages/mobile/src/screens/oauth-screen/utils.ts | Accept optional 0x prefix in API key validation. |
| packages/mobile/src/screens/oauth-screen/hooks/useParsedParams.ts | Strip 0x prefix from parsed OAuth query param API key. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
🌐 Web preview readyPreview URL: https://audius-web-preview-pr-14094.audius.workers.dev Unique preview for this PR (deployed from this branch). |
Summary
0xprefix fromapi_key/client_idquery params at parse time in the OAuth consent hooksisValidApiKeyto accept keys with0xprefixTest plan
0x-prefixed API keys🤖 Generated with Claude Code